Answered: [Security threat] tags are not sanitized in extra question field

Post date: 2020-07-01 00:44:51
Views: 306

Hey q2apro, I think you are testing the default q_view_extra($q_view); function.

The default function is still safe. But if you pull the content from the databse, it's not safe.

First, look! The script is stored in database.

database

Second, if create a function to pull that content form the datase:

public function q_item_extra($q_item)
{
$postidz = $q_item'raw']'postid'];
$extra = qa_db_read_one_value(qa_db_query_sub(
       'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
        $postidz
   ), true);
 
 //$extra = $q_item'extra']'content'];
 
        $this->output('My info:'.$extra);   
   
}

Here's the result:

test

I hope you'll get my point.

Please click Here to read the full story.
 
Other Top and Latest Questions:
OpenAI proposes 5% stake to Trump administration to ease Washington pressure: Report
Restrictive immigration policies are changing the composition of the healthcare workforce
Jeff Bezos' family office backed five AI startups in June
U.S. closes 2022 probe into 695,000 Tesla vehicles over unexpected braking
How high hopes for Biden’s student-loan forgiveness plans cost borrowers
Ford CEO wants level playing field with Toyota, GM imports as USMCA trade talks reopen
These are the top stock picks from UBS analysts heading into the third quarter
All-ages places to watch the World Cup in downtown Chicago?
Contract Concerns
Movie: Cruel Fate